Introduce --no-superuser-check option.

The current client checks for superuser before attempting to execute pg_repack commands. In Amazon RDS, customers are given access to a psuedo-superuser role called rds_superuser, but they are not given access to superuser. However, rds_superusers will otherwise have the ability to execute pg_repack commands in RDS. This change introduces the --no-superuser-check option in the client code so that users can disable the client-side superuser checks.
2017-02-15 03:15:03 +00:00 · 2017-02-15 03:15:03 +00:00 · 168676b3b6
commit 168676b3b6
parent dfbedb63d9
2 changed files with 11 additions and 0 deletions
--- a/bin/pg_repack.c
+++ b/bin/pg_repack.c
@ -244,6 +244,7 @@ static int				wait_timeout = 60;	/* in seconds */
 static int				jobs = 0;	/* number of concurrent worker conns. */
 static bool				dryrun = false;
 static unsigned int		temp_obj_num = 0; /* temporary objects counter */
+static bool				no_superuser_check = false;

 /* buffer should have at least 11 bytes */
 static char *
@ -269,6 +270,7 @@ static pgut_option options[] =
 	{ 'i', 'T', "wait-timeout", &wait_timeout },
 	{ 'B', 'Z', "no-analyze", &analyze },
 	{ 'i', 'j', "jobs", &jobs },
+	{ 'b', 'k', "no-superuser-check", &no_superuser_check },
 	{ 0 },
 };

@ -371,6 +373,9 @@ is_superuser(void)
 {
 	const char *val;

+	if (no_superuser_check)
+		return true;
+
 	if (!connection)
 		return false;

@ -2064,4 +2069,5 @@ pgut_help(bool details)
 	printf("  -x, --only-indexes        move only indexes of the specified table\n");
 	printf("  -T, --wait-timeout=SECS   timeout to cancel other backends on conflict\n");
 	printf("  -Z, --no-analyze          don't analyze at end\n");
+	printf("  -k, --no-superuser-check  skip superuser checks in client\n");
 }
--- a/doc/pg_repack.rst
+++ b/doc/pg_repack.rst
@ -128,6 +128,7 @@ Options:
  -x, --only-indexes        move only indexes of the specified table
  -T, --wait-timeout=SECS   timeout to cancel other backends on conflict
  -Z, --no-analyze          don't analyze at end
+  -k, --no-superuser-check  skip superuser checks in client

 Connection options:
  -d, --dbname=DBNAME       database to connect
@ -210,6 +211,10 @@ Reorg Options
    Disable ANALYZE after a full-table reorganization. If not specified, run
    ANALYZE after the reorganization.

+``-k``, ``--no-superuser-check``
+    Skip the superuser checks in the client.  This setting is useful for using
+    pg_repack on platforms that support running it as non-superusers.
+

 Connection Options
 ^^^^^^^^^^^^^^^^^^